Employee Security Awareness Training Program
- Randall Warner
- 6 years ago
Date: September 15, 2015
Version: 2015

Proprietary and Confidential

1. Scope

This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor, partner, vendor or individual logging into an InComm database or network who is granted access to or uses InComm's systems. The Chief Security Officer and Information Security Department ("InfoSec") is in charge of and maintains this Program. Questions about your obligations under this Program should be directed to InfoSec.

2. Purpose

The purpose of this Program is to (a) concisely describe InComm's information security program and standards, (b) provide guidance on how InComm safeguards sensitive personally identifiable information that it collects, receives or controls and (c) describe the administrative, technical and physical safeguards InComm implements, so you understand and comply with all security obligations. InComm expects and requires that all employees will conduct any and all information services activities on behalf of InComm in accordance with the security and usage guidelines in this Program.

For purposes of this Program, sensitive personally identifiable information means (a) social security numbers, (b) financial account numbers (including credit card numbers), (c) identification card, driver's license or government-issued ID numbers, (d) personal health information (including medical identification or health insurance identification number), and (e) online account identifiers (e.g. user names/passwords) ("Sensitive Data").

This Program was created based on and will continue to support InComm's assessment of reasonably foreseeable internal and external risks to the security, confidentiality and integrity of electronic, paper and other records containing Sensitive Data. InComm has and will continue to evaluate, and where necessary improve, the effectiveness of its safeguards for limiting such risks, including employee training, ensuring ongoing employee compliance with this Program, and the development of measures for detecting and preventing security system failures.

3. Responsibilities

COLLECTION

You will use your best efforts to avoid collecting any Sensitive Data that is not needed for a business function.

STORAGE AND ACCESS

You will ensure that all Sensitive Data in your custody or under your control (and electronic, paper, or other records containing Sensitive Data) is stored in secure and locked facilities, storage areas, containers or other secured environments. If you see someone you do not know accessing Sensitive Data or present in a secured area, you should report them to Human Resources or InfoSec.

Only those individuals who have a need to use Sensitive Data for legitimate company business purposes and to fulfill their job duties may access such data, and you will ensure that reasonable restrictions are placed on access to records containing Sensitive Data in your custody or under your control. If you are aware of or suspect Sensitive Data is not properly secured, you will report such insecurity to InfoSec.

Computer accounts are assigned on an individual basis, to be used only by the assigned employee, and must not be shared. Every individual who has a legitimate need to access InComm computer systems and networks will be assigned unique (non-default) passwords, which passwords are reasonably designed to maintain the integrity and security of access controls. If you are in charge of distributing and assigning such passwords, you will ensure that the terms of this Program are met.

No terminated employees are permitted access to records containing Sensitive Data. If your job function includes working with or handling terminated employees, you understand that you will be required to take all the steps necessary to prohibit terminated employees from accessing Sensitive Data, as such steps will be communicated to you from time to time.

InComm requires the use of secure user authentication protocols to allow access to Sensitive Data on computers. To the extent that these issues fall within the scope of your job duties, you will ensure that the provisions of this Program are met, including:

- Controlling user IDs and other identifiers that are used to access Sensitive Data;
- Changing all vendor-supplied default settings, including passwords, encryption keys, and other security-related settings;
- Using a reasonably secure method of assigning and selecting passwords that are used to access Sensitive Data, or using unique identifier technologies, such as token devices;
- Controlling access to security passwords used to access Sensitive Data, and ensuring that such passwords are kept in a location or in a format that does not compromise the security of the information they protect;
- Restricting access to computers that contain Sensitive Data to only active users and active user accounts; and
- Blocking access to user identification after multiple unsuccessful attempts to gain access to Sensitive Data.

You understand that InComm requires network and computer systems containing Sensitive Data be monitored, using reasonable monitoring systems and approaches, for unauthorized access or use of Sensitive Data.

BREACHES

A breach of data security could lead to the loss of InComm employee, customer and/or company Sensitive Data. In the event of a suspected or actual breach of security, an appropriate technology authority may make inaccessible or remove any unsafe user/login names, data and/or programs from the network. Employees are responsible for immediately reporting any suspected or known breach of security to InfoSec.

TRANSPORTATION

Storing Sensitive Data on laptops or other portable devices is strongly discouraged, and should be limited to situations in which it is absolutely necessary to fulfill your job duties. Do not email confidential information or Sensitive Data to your personal account or maintain a copy of any document containing such information or Data on your laptop or other portable device. Any Sensitive Data used on a laptop or portable device must be proactively deleted after use.

If necessary, all Sensitive Data stored on laptops or other portable devices must be encrypted, as must any files containing Sensitive Data that will travel across public networks or be transmitted wirelessly. "Encrypted" means using appropriate and current technologies to ensure that data is transformed into a form in which meaning cannot be assigned without the use of a confidential process or key. The data must be altered to be encrypted.

Files containing Sensitive Data that are electronically stored, transmitted or on portable systems connected to the Internet must have reasonably up-to-date firewall protection and operating system security patches, which firewalls and patches are designed to maintain the integrity of the Sensitive Data. Such files also must have up-to-date system security agent software, which must include malware protection and reasonably up-to-date patches and virus definitions.

DISCLOSURE

Sensitive Data may be disclosed outside of InComm only to third party service providers with whom InComm has a written agreement in place, under which agreement the third party has agreed to use the Sensitive Data only for InComm's business purposes and in compliance with all applicable laws, rules, regulations, and company policies, including the safeguard procedures outlined in this Program, in Massachusetts 201 C.M.R , and Nevada N.R.S. 603A.210.

In selecting service providers who will or may handle Sensitive Data, InComm takes reasonable steps to select and retain only those parties that are capable of maintaining appropriate security measures to protect Sensitive Data as outlined in this Program. If you are in charge of selecting such third parties, you understand that you will be required to ensure that they can provide such security safeguards and commitments, and to work with InfoSec to ensure such commitments are in place.

SOCIAL SECURITY NUMBER HANDLING PROCEDURES

InComm is obligated under state and federal laws to safeguard Social Security Numbers. All employees that handle Social Security Number information (or any other government-issued ID numbers) are required to comply with the following security requirements.

All electronic files containing Social Security Numbers (or any other government-issued ID numbers, such as driver's license numbers) will be appropriately protected. Use the established procedure to save any document containing Social Security Numbers to InComm's internal databases. Under no circumstances should any employee save a document containing Social Security Numbers or any other government-issued ID number to his or her hard drive (Desktop, My Documents, etc.).

Ensure that a Social Security Number or government-issued ID number is not written down on paper, emailed, or otherwise stored at your desk. Paper documents containing Social Security Numbers or other government IDs must be stored securely in locked filing cabinets designated for that purpose and, eventually, may be destroyed under the Destruction guidelines outlined below.

All InComm personnel must immediately report any actual or suspected security incident involving Social Security Numbers or other government-issued ID number to InfoSec, which will escalate the matter as appropriate. Those found to be violating this Program may be subject to discipline, up to and including termination.

CARD ACCOUNT DATA PROTECTIONS

InComm is required to have appropriate measures in place to protect network-branded (e.g. Visa, MasterCard, Discover and Amex) card account data. Card account data includes cardholder data, which is the credit, debit or prepaid card account number, as well as the account number plus one or more of the following pieces of information: cardholder name, expiration date and/or service code (the three or four digit number that can be found on front or back of the card, near the expiration date). Credit account data also includes sensitive authentication data, which is personal data used to authenticate cardholders or authorize payment card transactions.

InComm's card data protection program is integrated into its overall security strategy. Therefore, all employees who handle card account data are required to comply with the security procedures outlined in this Program, as well as the specific restrictions below.

In order to protect card account data, employees must only save and access the information on a firewall-protected, secure network. If the cardholder data needs to be transmitted on a public network, the authorized employees will ensure that the information is encrypted before it is sent. Sensitive authentication data must be deleted after the authorization process is complete, and cannot be stored under any circumstances.

In addition to requiring employees to comply with these requirements, InComm will only allow employees access to card account data if they need it to fulfill their job responsibilities. InComm will also track and monitor all access to card account data.

PHYSICAL SAFEGUARDS

InComm takes reasonable steps to implement safeguards to protect InComm facilities and equipment from unauthorized access. InComm also protects information through physical security levels and clear desktop and workspace policies to prevent inadvertent disclosures. Follow all relevant procedures relating to physical security, including use of your personal badge and care of your equipment and work station. If you are aware of or suspect there has been unauthorized access to your equipment or work station, immediately notify InfoSec.

SYSTEMS MANAGEMENT AND MONITORING

InComm takes reasonable steps to monitor its systems for unauthorized use or access to Sensitive Data. If you are aware of or suspect there has been a breach of Sensitive Data, immediately notify InfoSec, which will initiate a response. In the event of a breach of Sensitive Data, InComm requires documentation of all responsive steps in accordance with InComm's Security Incident Response Plan. InComm also requires a post-incident review of the events and any actions taken to change business practices for Sensitive Data.

InComm regularly monitors this Program, at least annually or whenever there is a material change in business practices that may reasonably implicate the security or integrity of data containing Sensitive Data, to ensure that it is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Sensitive Data. Where necessary, InComm will update its security policies, including this Program, to limit risks.

DESTRUCTION

Except as otherwise directed by InfoSec, InComm personnel shall dispose of Sensitive Data no longer needed for a business function in a responsible manner. Paper documents containing Sensitive Data, especially Social Security Numbers or any other government IDs, and cardholder data, must be shredded and securely disposed of. For electronic data, employees must permanently erase or otherwise modify the Sensitive Data to make it permanently unreadable or indecipherable. Sensitive Data should be disposed of in accordance with InComm's Record Retention Policy. If you have any questions regarding the destruction of data, contact your supervisor or InfoSec.

TRAINING, MONITORING AND DISCIPLINE

As part of InComm's training of directors, officers and employees, you acknowledge that you (a) have read and understand your obligations and InComm's legal obligations as set forth in this Program, (b) understand the importance to InComm of the security of Sensitive Data and the proper use of computer programs, networks, systems, paper records and other materials that contain Sensitive Data, and (c) will take all steps necessary to ensure that those obligations are met. Additionally, in the event that, in InComm's sole discretion, you violate the terms of this Program, you understand that InComm may take disciplinary action against you, up to and including terminating your employment.
EXHIBIT C AGREEMENT FOR RECEIPT AND USE OF MARKET DATA: ADDITIONAL PROVISIONS 21. NYSE DATA PRODUCTS (a) SCOPE This Exhibit C applies insofar as Customer receives, uses and redistributes NYSE Data Products
More informationBring Your Own Device Policy
Title: Status: Effective : Last Revised: Policy Point of Contact: Synopsis: Bring Your Own Device Policy Final 2017-Jan-01 2016-Nov-16 Chief Information Officer, Information and Instructional Technology
More informationDocument No.: VCSATSP Restricted Data Protection Policy Revision: 4.0. VCSATS Policy Number: VCSATSP Restricted Data Protection Policy
DOCUMENT INFORMATION VCSATS Policy Number: VCSATSP 100-070 Title: Restricted Data Protection Policy Policy Owner: Infrastructure Manager Effective Date: 5/1/2013 Revision: 4.0 TABLE OF CONTENTS DOCUMENT
More informationGM Information Security Controls
: Table of Contents 2... 2-1 2.1 Responsibility to Maintain... 2-2 2.2 GM s Right to Monitor... 2-2 2.3 Personal Privacy... 2-3 2.4 Comply with Applicable Laws and Site Specific Restrictions... 2-3 2.5
More informationData Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationHow To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation
How To Establish A Compliance Program Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda High level requirements A written program A sample structure Elements of the program Create
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationBeam Technologies Inc. Privacy Policy
Beam Technologies Inc. Privacy Policy Introduction Beam Technologies Inc., Beam Dental Insurance Services LLC, Beam Insurance Administrators LLC, Beam Perks LLC, and Beam Insurance Services LLC, (collectively,
More informationSeven Requirements for Successfully Implementing Information Security Policies and Standards
Seven Requirements for Successfully Implementing and Standards A guide for executives Stan Stahl, Ph.D., President, Citadel Information Group Kimberly A. Pease, CISSP, Vice President, Citadel Information
More informationInformation Security Policy for Associates and Contractors
Information Security Policy for Associates and Contractors Version: 1.13 Date: 11 October 2016 Reference: 67972761 Location: Livelink Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationPayThankYou LLC Privacy Policy
PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the
More informationAcceptable Use Policy
Acceptable Use Policy 1. Purpose The purpose of this policy is to outline the acceptable use of computer equipment at Robotech CAD Solutions. These rules are in place to protect the employee and Robotech
More informationEco Web Hosting Security and Data Processing Agreement
1 of 7 24-May-18, 11:50 AM Eco Web Hosting Security and Data Processing Agreement Updated 19th May 2018 1. Introduction 1.1 The customer agreeing to these terms ( The Customer ), and Eco Web Hosting, have
More informationHIPAA Privacy and Security Training Program
Note The following HIPAA training is intended for Vendors, Business Associates, Students, Pre Approved Shadowers, and Visitors. The following training module does not provide credit for annual training
More informationPOLICY 8200 NETWORK SECURITY
POLICY 8200 NETWORK SECURITY Policy Category: Information Technology Area of Administrative Responsibility: Information Technology Services Board of Trustees Approval Date: April 17, 2018 Effective Date:
More informationBuilding a Privacy Management Program
Building a Privacy Management Program February 26, 2013 Office of the Information and Privacy Commissioner of Alberta Session Overview Reasons for having a PMP Strategies to deal with current and future
More informationBYOD (Bring Your Own Device): Employee-owned Technology in the Workplace
BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring Conference April 4, 2014 PRESENTED BY: Sonya Guggemos MCIT Staff Counsel for Risk Control sguggemos@mcit.org The information
More informationShaw Privacy Policy. 1- Our commitment to you
Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of
More informationTable of Contents. 1.1 Terminology Acronyms Related Documents... 7
Information Security Program Company Policy Document Version 1.80 10/20/2017 Table of Contents 1 OVERVIEW... 5 1.1 Terminology... 5 1.2 Acronyms... 7 1.3 Related Documents... 7 2 DUTY TO PROTECT AND STANDARDS
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Interim Director
More informationFerrous Metal Transfer Privacy Policy
Updated: March 13, 2018 Ferrous Metal Transfer Privacy Policy Ferrous Metal Transfer s Commitment to Privacy Ferrous Metal Transfer Co. ( FMT, we, our, and us ) respects your concerns about privacy, and
More informationDocument Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes
Effective Date: 01/01/2014 Page 1 of 7 REVISION HISTORY Revision No. Revision Date Authors Description of Changes 1.0 11/04/2013 CISO Populate Into Standard Template APPROVED BY This Policy is established
More informationHousecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009
Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009 Privacy Policy Intent: We recognize that privacy is an important issue, so we design and operate our services with
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationTIME SYSTEM SECURITY AWARENESS HANDOUT
WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/16/2017 2018 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer
More informationCreative Funding Solutions Limited Data Protection Policy
Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationGENERAL PRIVACY POLICY
GENERAL PRIVACY POLICY Introduction The Australian Association of Consultant Pharmacy Pty Ltd (ACN 057 706 064) (the AACP) is committed to protecting the privacy of your personal information. This privacy
More information